At the turn of the century, the world will probably fear the Internet more than crooks and murderers. If you think that's a far-fetched idea, just take a look around you and you will see new malware making its way to your computers everywhere. You may lock your doors and bolt your windows against a physical attack, but in the case of malware, the defensive technology is still nascent. It's making progress, but not at a pace where we can ward off attacks coming from every nook and corner. Reports are now surfacing of a malware that has managed to infect more than 250 million computers, and the tab is still running.
Check Point Threat Intelligence and research teams were the first to catch hold of this malware, dubbed Fireball. So how bad is it? Well, according to the official description, it takes hold of the browsers and makes them "zombies", and I am quoting verbatim here.
Fireball is a double-edged threat: it has the ability to run any code that it wants on the target computer, which also means it is able to download any files or malware it wants onto the infected computer. This makes it a malware that brings in more malware, aka a perfect recipe for disaster.
It also does its usual side gig and manipulates the user's web traffic to garner traffic for the sites that have caught its fancy. All this happens while you are sitting in front of the computer tearing your hair out in desperation.
Although it has currently kept itself content with the latter, i.e. boosting ad revenue via plug-ins and tinkering with the configurations, it's a ticking time bomb and may at any time start to go nuclear on the computer, making it go kaput.
The organization behind this nefarious malware, according to Check Point, is Rafotech, a large digital marketing agency based in Beijing, which is excellent, considering the lovely wall they have against other countries to cry foul on their home-grown organizations. The firm makes use of Fireball to manipulate browsers and change their default search engines into a fake one, said the report. The fake search engines also have tracking pixels capable of collecting users' private information.
Fireball is able to spy on its victims, drop new malware into the system and execute any harmful code according to its whim and fancy. It goes without saying that this creates an elephantine crack in the machines and networks that have been infected.
As per Check Point's analysis, this malware has infected more than 250 million computers. The worst hit so far are India with 25.3 million infections, Brazil with 24.1 million infections and Indonesia with 13.1 million infections.
Rafotech claims that it can reach 300 million users worldwide, and although it doesn't admit that it has anything to do with Fireball and its associated mayhem, Check Point was quick to point out that the numbers align with the infection estimates it has put forward.
What Rafotech does, according to Check Point, is a walk in the grey area between legitimacy and illegitimacy. The firm knows that malware distribution may be a crime but adware distribution isn't.
There is actually a term for it, called bundling, i.e. packing some unwanted program with a program that is in demand and giving it to you for use. Sometimes it seeks permission; most of the time it doesn't.
Check Point believes that Rafotech does this with extreme gusto, and although the malware and the fake search engines don't carry a direct link to the firm, they can't be uninstalled by someone who is not software savvy, and they also mask their true intentions.
According to Check Point, Rafotech is using its own products, Deal Wifi and Mustang Browser, to bundle this malware with, and is also bundling it with other freeware such as "Soso Desktop" and "FVP Imageviewer".
Check Point says that the malware does not necessarily download itself onto the computer as soon as the freeware has been downloaded; sometimes it lies dormant and does so at an opportune time.